With the recent Sony Online Entertainment account security snafu, players are more concerned than ever with protecting their financial and private data. In today's Guild's Eye View, MMORPG.com columnist Sean Stalzer discusses the idea of account security and the games we love. Check it out and then leave us a comment or two.
As I have said before, I am a big believer that strong communities are the lifeblood of a successful MMORPG. There are certainly other critical factors as has been brought up in a number of the previous articles' replies but without a successful community, the overall MMORPG is not going to succeed. By community I do not necessarily mean any specific guild. Rather the overall community of the game. The people that post to the forums... the ability to get groups in game... the ability to meet up with friends... the ability to form guilds if you wish... a thriving economy to buy and sell what you need from the game and within the rules of the game and so on.
Read more of Sean Stalzer's Guild's Eye View: Account Security & You.
Comments
You can find an interview with a Gold Farmer on YouTube.
In that he says how most accounts get hacked.
The hackers hack the fan sites and guild forums first.
From there they get
Handle
email
password
And since most people are so lazy they use the same 3 for the games themselves... the rest is easy.
So the solution is simple: DON'T use your game log in password on the forums! - any forums!
And developers should force players to change account log in passwords periodically.
Nothing says irony like spelling ideot wrong.
Yeah. No reason to single out Sony for anything right? They were simply the victims of hackers, a tsunami and earthquakes. This could have happened to anyone.
This isn't about logging off and logging back on to toons mate. This was sloppy and negligent security by Sony that has compromised 100 MILLION users' identities, not gold farmers or whatever worthless pixelated item you take pride in.
Protecting what we can is our job. Protecting the information we MUST submit in order to play a game is THEIR job.
Sony is probably a bad example.. as it is the kind of security that can't be verified by the players (until it's too late that is.) personal security in the form of authenticators. personally I think all MMOs should have them.. and the idea of bundling them with the game is a really good one imo.. that's definitely something I would like to see more of.. but if anything.. I'm kind of hoping that what happened to Sony will encourage other MMO companies not to cut the same kinds of corners when it comes to protecting their customers' data etc.. a lesson Sony are learning late.. but.. better late than never.. Security affects us all, lack of it.. or bad security will make the players feel insecure about the game.. and they'll likely move on.. as for Rift.. well.. personally I would like to see Eve Online implement physical authenticators too.. as someone who doesn't use mobile phones.. these freebies apps are less than useless.
easy fix guys. get a credit card with a 250$ monthly limit and use only that for your online gaming/whatever else you do when alone on the computer stuff.
QFT! Well said!
Complex passwords, different for EVERY game and as someone else said, keep a cheapo credit card for all your gaming subs. $200 or less.
How would either of these have helped in the Sony fiasco?
Again, this isn't about your password.
This isn't about your toons.
This isn't about your virtual "stuff".
This is about your IDENTITY and them not securing your personal data that you are REQUIRED to provide.
People are being such hypocrites these days when they yell & scream at Sony for their info being stolen. Then you google up their name, and all of a sudden you find tons more personal information that they voluntarily put online for others to see, including pictures and videos, date of birth, current residence, current/past employment, fav color, fav sports team, fav music, etc... Seriously, account security starts with the users. We can blame the companies all we want, and I do blame Sony for being hacked. But you got to learn better security practice yourselves.
1. Don't use forum handles that match your gaming account usernames!
2. Don't use the same password for your forum browsing, banking account, and gaming accounts!
3. Don't use the correct answers to the secret questions, because you'll be surprised how easy it is to find your city of birth, mother's maiden name, your favorite color, name of high school you went to, your fav sports team, your birthday, etc... This is one of the most common ways for people to reset your account passwords with.
4. Don't use the same password for your gaming account as the email account password you have linked to your gaming account.
5. Don't post your real personal information on facebook, myspace, youtube channel, forum profiles, etc.. then go cry about how SOE just leaked your personal information. I'm fine with people wanting to post their real information, it's your life. But don't cry if another company gets hacked and supposedly leaked your "personal info". You'll be surprised how a good chunk of your personal information is not personal at all.
Sony got hacked, they're taking responsibilities for it. They're offering free monthly game subscriptions as well as free credit monitoring. These are steps any companies should take when they get hacked. These are not steps you would take if a company isn't owning up to their mistakes. So you can keep screaming and laughing at Sony all you want, but they appear to be taking steps to get better, to offer their customers credit monitoring as well as free gaming time, to do complete security audit which you'll be surprised how infrequent these happen to big companies.
In the age of social media, where everybody knows so much about you by simply visiting your facebook or youtube channel, you are always at risk of getting your identity stolen. Companies should do whatever it takes on their part to secure their networks, yes. I hope Sony learns from their mistakes, and other companies take notice. But a lot of the problems got to start from within. Simply put majority of the gamers are not dotcom savvy and don't really know the ins and outs of how the internet works. With more and more things getting hooked up online, including your dvd/blu-ray players now are constantly hooked up to your netflix account for an example, or your ipad/iphones/androids that are always hooked up online and store your location (lol), you will see more and more theft and hacks in the future. So best take steps to protect yourselves and always assume companies you use may get hacked.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
Tjeez Mardy! Are you paid by Sony or something?
Don't play MMOs run by companies with terrible IT practices?
How am I defending Sony when I bolded that Sony is at fault for having their systems get hacked? Do you have any idea how much info I can find out about you spending only 5 minutes on google?
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
Go ahead and PM it to me within 5 mins. No... I gladly give you 10 minutes even.
THIS is the best defense.
Done, pm'ed.
I gave you your real name, email address, home address, phone number, past employment history, current employment, your facebook url, your linkedin page, date of birth without the year but shouldn't be hard to find that given more time. Not bad for 5 mins of work I'd say.
Oh and you also own JeroKane.com, cool site by the way, I'm into astronomy myself. But you should really have domain whois privacy turned on.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
That's a bit cheaty since there aren't that many people in Oslo, Norway (!).
Playing MUDs and MMOs since 1994.
Why not allow people to use those "security tokens" a lot of mmo's use for logging on these days for more than just video games.
Maybe allow customer's to have an option to enable an extra pin code for credit card transactions from a token like that.
It doesn't have to be a token.. but i think it would be more secure.. a smart phone could probably connect to an app or w/e.. but smart phones can be hacked too... Not much to hack in a small token that acts as a receiver with an LED number display lol
I'm sure there would be some way to hack into w/e system stores the random number generator for those tokens.. but it would certainly make theft a lot more difficult than it is these days.
It would be nearly impossible for somebody to steal your number unless they were in close proximity in order to intercept your incoming number signal. Not conducive to large scale theft imo.
Not bad and some stuff like my address was outdated. But no biggy.
Point is. The info you found about me, is info I don't mind you to know and also partly related to my job as IT consultant.
The info I have to put in to play an Online Game at SOE for instance, contains information I DO NOT want to be public! And I expected SOE to take good care of that sensitive information to the best of their abilities. And they did not and now it ended up in the wrong hands!
lol I don't even know where that is!
But eh, it kinda shows you people get so angry about their name, address, phone, email, DoB getting leaked. Yet in 5 mins I got that all from his forum Username. Imagine what I can find if I spent more time on it.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
I hear ya, I really hope they completely redo their infrastructure, and secure their network both on the PSN side and SOE side. I don't play playstation but I would imagine Microsoft is now digging through Xbox Live making sure the same won't/can't happen to them lol.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
I just googled my mmorpg.com info and it only shows me on mmorpg.com. Everything else links to silly youtube videos heh.
Playing MUDs and MMOs since 1994.
I didn't bother, as the information on the domains I own is outdated and they never bothered to update it correctly, even though I submitted it plenty of times lol.
And thanks. I'm a SciFi fanatic and love astronomy!
Well I am not even sure that Blizzard and WoW was a good example to use here either. Sure they return your in-game things but the thing is, it should not have happened in the first place. And since when does EVERYONE in WoW get their stuff back in less than 24 hours when it takes 1-2 weeks before they even answer your ticket? You can never get through to their phone and they have no 24 hour service for people who have these emergencies to call. All of those hackings on WoW are not just explained by keyloggers either because people who did not even have their accounts active on WoW had them turned on without the account owner even knowing nor did Blizzard contact the owners of these accounts to let them know that they had been unknowingly hacked even though we were putting in tickets telling Blizzard that this person was being hacked if it was not the person themselves they did not believe us even though we knew the person and knew that their account was inactive.
As far as customer service according to how most people who have played WoW and have experienced how they deal with hacking rate them as a D on the BBB. So I don't think that was a good one to use. http://www.trustlink.org/Reviews/Blizzard-Entertainment-205737049 this is directly in reviews of Blizzard in the BBB.
One thing you can say in this is that Sony has let everyone know whose information got out Blizzard doesn't even do that. Not to get off the topic here.
Ok we have an obligation to secure ourselves as well as the game makers have an obligation to keep what they have of us secure. One option I have found for more security that I can do is called mastercardsecurecode.com It gives you an actual online pin # separate from the one you use in stores over 350,000 online shopping places uses this. I think this is one of the first things game makers should implement is that option to use it when we purchase a game and all institutions that give these cards out should be required to offer this option as some of them do not.
Game makers need to make sure that there are firewalls inside of their games to keep the hackings from happening and that is one thing I can say Sony has kept out is in-game hacking on SOE. People's accounts were not constantly getting hacked on EQ2 like they did on WoW and one thing people say Sony doesn't take our security seriously enough well if they did not they would have done what their game players and their pockets preferred this weekend and brought up their games, but they did not because they know that until things are secure there may still be security issues at hand.
I played WoW for 3 years and the same site was selling gold as was when I started playing WoW and no matter how many times it got reported they came back in. So when you say they took steps I think maybe they did not go far enough with those steps because they are still getting hacked. When I turned off my account with WoW a little less than a month ago the same site was still selling gold so no their problems have not been fixed. And yes I think the authenticators should be free due to the fact that why are we paying them to secure our accounts when we already pay them $180,000,000 a month for 12,000,000 accounts. Last year Activision Blizzard netted 4 billion dollars and then actually brag about it online to show us how stupid we really are for having to pay for those authenticators which in some cases did not even work if you follow everything that everyone says in the first link I gave. Blizzard just allowed the hacking to continue too. They did not take the game down because they were afraid that they would lose money versus keeping their users secure. Within a month after Cataclysm was released the bots were back as well.
Security has to be a top priority of the gamemakers like you said before launch not after the fact. As well as it being our own top priority to secure ourselves and what sites we go to and everything else. I am fairly new to computers but one thing a good friend of mine told me was you don't want to surf too much because not only does it clog up your computer it also puts it at risk to be hacked.
I clean my computer every night before I go to bed and then shut it off. If you leave your computers on there is more chance of them getting accessed. Like the other night I came home and found out my internet had been turned off due to someone putting my internet PW in too many times so someone was trying to hack straight into my home. Thanks to my internet company being on top of security they had no chance to get in. They constantly monitor what is going on. Blizzard you can't even call after 9 P.M. PTD so therefore you really think that they are monitoring everything and like they can not afford to with what we pay them?
So I am a firm believer that it is everyone's responsibility all the way around not just one person. Just like my bank does not offer securecode so I went to them to try and get it changed they did nothing more or less so now I went above their heads. That is how these things get taken care of. I am doing what I am doing not to just secure me but my bank and my card maker as well by taking the steps I am taking. If then my bank still refuses to get it available for me I will move to a bank who will.
Just like I left WoW because of terrible customer service and seeing everything as far as gold sellers and everything else still just as bad in Cataclysm. Not so much as personal accounts being hacked but the hackers are still getting in one door won't take them long before they are in the next. The longer they are allowed into Blizzard's system the deeper they are going to get. And yes my guild was affected but I was to the point with such terrible product and customer service that it did not matter to me anymore. I cared about my friends but my security and them listening is more important.
Here's the disturbing thing. We don't know that Sony was using terrible IT practices. In fact there is a lot of concerned scuttlebutt in the IT and security industry that at least from initial reports and rumors, they appeared to for the most part be using best practices standards. There does not appear to be any easy to spot holes or glaring screw ups outside of having that 2007 database still exposed on the SOE side. In mild defense of Sony they did spot and respond to the hack very fast. Much faster than many other industries have. The intrusion was spotted within a day and was immediately acted upon. Customers were alerted to a problem within a matter of days once it was investigated. I know we all bitch that it could have been faster. But honestly I don't see how. Real life is not a Michael Bay movie. Some Australian blonde doesn't just jump up in the monitoring room and declare "they are hacking air force one!". If an intrusion gets through there is often some lag in detection. Sony's was actually pretty fast compared to others. (many others have gone weeks or months without noticing.)
So this is where it gets scary, and will stay that way until some sort of post mortem is released on what happened to Sony. We don't know how they got in. We don't know that it was some negligent practice on Sony's part, or if they just happened to be the target of opportunity and the same attack could just as easily have breached Blizzard or EA or Amazon.com or iTunes or XBL. I assure you there are a lot of security people at any online company that are sweating bullets this week wondering what happened and can it happen to them?
And here is the kicker. No client side security would have done a bit of good in SOE's case. Authenticators? Complex Passwords? That e-mail trick of Rift's? All are meaningless if the hackers have access to the server side of the equation. With the breach of SOE we are all in uncharted territory security wise. About the best we can do is only use prepaid game cards instead of CC's and pray. They are not just after your gold and your mighty vorpal sword of kobold slaying. This last breach hit the real world. We need to think long and hard about what that means.
Buying and using a different authenticator for each online application you use is just not practical.
It is also the age of downloads. Most online applications never see the light of day on retail store shelves. Bundling an authenticator in the hypothetical retail box would only be practical for mass distributed applications such as World of Warcraft that do appear on store shelves. Authenticators could be distributed separately if there were an industry standard authenticator for all online applications and you could use a single authenticator for several different applications.
You need to read the Original Article
First paragraph:
Although the recent issues with PSN have many of us thinking about a different kind of security, I delve into individual account hacking in this column. Individual account hacking is the kind of hacking that has plagued WoW for years and that cropped up in Rift nearly as soon as the game went live.
Yes, SONY didn't do their job. But that is not what the point of this column is.
The point is what should companies be doing about individual account security? Could they do more?
Well, they can only do so much - if YOU as an account holder choose to make it easy to access your account by giving your account information to friends, family, power levelling services... writing your password on a post it note and attaching it to a monitor at work... then you really cannot blame companies like Blizzard when your account gets hacked, can you?
Now, to be fair, there are circumstances that we do allow others access to our accounts. That's a reality that game companies need to address too perhaps?
I have worked for a number of companies that had IT (account security) policies that were out of touch with reality.
But for security to work - it's a two way thing.
Nothing says irony like spelling ideot wrong.